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Response to Amendment 

1 . This office action is responsive to Applicant's amendment received on 
08/08/2007. Claims 1-70 are pending 

2. Claim objections have been removed due to applicant's amendment. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
states. 

4. Claims 1-4, 8-19. 22-29. 33-44. 47-52. 56-67 and 70 are rejected under 35 
U.S.C. 102(b) as being anticipated by Freund (US 5,987,611). 

Regarding claims 1, 26 and 49, Freund discloses a method for controlling 
connections to a compute upon its initial deployment of the computer, applying a pre- 
configured security policy that establishes a restricted zone of at least one pre-approved 
host that the computer may connect to upon its initial deployment, so that the computer 
is not allowed to participate with general connectivity to the internet until security- 
relevant updates have been completed (col. 14, lines 14-23; col. 15, lines 26-33; col. 16, 
lines 1-3); receiving a request for a connection from the compute to a particular host 
(col. 15, lines 14-16); based on said pre-configured security policy, determining whether 
the particular host is within the restricted zone of at least one pre-approved host (col. 
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15, lines 26-34; col. 16, lines 1-3); blocking said connection if said particular host is not 
within the restricted zone of at least one pre-approved host (col. 19, lines 61-66; col. 4 
lines 1-4); and once the computer has complied with the security update policy, lifting 
the restricted zone so that the computer is allowed to participate with general 
connectivity to the internet (col. 14, lines 14-23; col. 15, lines 26-33; col. 16, lines 1-3). 

Regarding claims 2, 17, 27, 42, and 65, Freund discloses the method of claim 
1, further comprising: prior to the initial deployment of the computer includes a hard disk 
having a manufacturer-provided disk image, and wherein the manufacturer-provided 
disk image include preconfigured security policy (the prior art disclosed a pre-package 
security rules in the system and hard disk for storage, therefore it is a fact that the 
preconfigured image is stored in the hard disk, further applicant discloses in the 
background of the specification that pre-installing imaging in hard disk is well known in 
the art see paragraph 1 1 and 13 (col. 25, lines 3-10; col. 7, line 40). 

Regarding claims 3 and 28 Freund discloses the method wherein the computer 
comprises the portable computer and initial deployment includes establishing Internet 
connectivity (col. 15, lines 14-16). 

Regarding claims 4 and 29, Freund discloses the method wherein the restricted 
zone comprises a pre-access restricted zone specifically for a new machine (col. 26, 
lines 60-64; col. 23, line 2-3). 

Regarding claims 8, 33 and 56, Freund discloses the method wherein said 
blocking step includes, instructing a firewall, which is responsive to said preconfigured 
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security policy, to biocl< connections to any host tliat is not within the restricted zone of 
at least one pre-approved hosts (col. 12, lines 61-64). 

Regarding claims 9-12, 22, 34-37, 47, 57-60 and 70, Freund discloses the 

* 

method wherein the pre-approved host comprises specific security-relevant sites; (the 
limitation of the specific sites include antivirus, firewall and end point security websites 
is implicitly disclosed within the prior art, as the rules can be set to block or allow 
whatever site the administrator or user need to block or allow (col. 23, lines 66-67; col. 
24, lines 1-5)). 

Regarding claims 13, 38 and 61, Freund discloses the method wherein other 
attempted connections to the computer are refused (col. 25, lines 1-13; col. 14, lines 13- 
22; col. 19, lines 57-60). 

Regarding claims 14-15, 39-40 and 62-63, Freund discloses the method further 
comprising upon the computer completing updating of security sub-systems, removing 
the restricted zone so that the computer may connect to other machines (the prior art 
discloses a system with pre-existing rules that can be updated to include as well as 
exclude host that the system may connect to (col. 24, lines 40-44; col. 26, lines 18-42; 
col. 27, lines 25-32; col. 25, lines 22-30)). 

Regarding claims 16, 41 and 64, Freund discloses the method wherein the 
preconfigured security policy is preinstalled on the computer prior to user purchase (the 
prior art discloses a system with a pre-defined or pre-package access right which meets 
the limitation of preinstalled prior to purchase (col. 25, lines 3-10). 
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Regarding claims 18, 43 and 66, Freund discloses the method wherein the 
computer is not allowed to participate with general connectivity to the Internet until 
security-relevant updates have been performed (col, 22, lines 38-41). 

Regarding claims 19, 44 and 67, Freund discloses the method further 
comprising providing an option that allows a user to override the preconfigured security 
update policy (col. 27, lines 18-19). 

Regarding claims 23 and 48, Freund discloses the method further comprising 
upon first attempted connection of the computer downloading an updated list of hosts 
that the computer may initially connect to (col. 22, lines 20-31). 

Regarding claim 24, Freund discloses a computer-readable medium having 
processor-executable instructions for performing the method of claim 1 (col. 7, lines 39- 
41). 

Regarding claim 25, Freund discloses a downloadable set of processor- 
executable instructions for performing the method of claim 1 (col. 7, lines 39-41; col. 5, 
lines 25-26; col. 21, lines 29-37). 

Claim Rejections - 35 USC § 103 
5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, If the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



I 



Application/Control Number: 10/710,781 Page 6 

Art Unit: 2137 

6. Claims 5-6. 30-31 and 53-54 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Freund (US 5,987,61 1) in view of Perkins et al. (US 2004/0187028 
A1). 

Regarding claims claim 5, 30 and 53, Freund discloses all the limitation of 
claims 5, except the method wherein said preconfigured security update policy operates 
to prevent the computer from being remotely accessed by another computer upon initial 
deployment. The general concept of applying a policy rule to prevent remote access to 
a computer system is well known in the art as illustrated by Perkins, which discloses a 
firewall blocking remote access to a computer system (para. 0017, lines 7-9), therefore 
it would have been obvious for one of ordinary skill in the art at the time of the invention 
to modify Freund to include the use Perkins in order to protect the computer system 
from possible external threats. 

Regarding claims 6, 31 and 54, Freund discloses all the limitations of claim 6, 
except the method wherein said preconfigured security update policy operates to 
prevent the computer from being remotely probed for vulnerabilities by other computers. 
The general concept of preventing a computer from being remotely probed for 
vulnerabilities is well known in the art as illustrated by Perkins, which discloses a firewall 
to block remote access from a computer system (para. 0017, lines 7-9). Therefore it 
would have been obvious for one of ordinary skill in the art at the time of the invention to 
modify Freund to include the use of Perkins in order to protect a computer system from 
being attack by an external computer. 
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7. Claims 7, 32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Freund (US 5,987,611) in view of Aroya (US 2004/0177274 A1) 

Regarding claims 7, 32 and 55, Freund discloses all the limitation of claim 7, 
except the method wherein said preconfigured security update policy operates to 
prevent the computer from being infected by a malicious program delivered through an 
open port. The general concept of preventing attacks from open port access is well 
known in the art as illustrated by Aroya, which discloses filtering and controlling port 
access as to reduce vulnerabilities to a computer system (para. 0006, lines 1-9). 
. Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Freund to include the use of Aroya in order to protect a computer 
system from being attack through open ports. 

« 

8. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Freund 
(US 5.987,61 1) in view of Marchosky (US 2004/01 17215 A1). 

Regarding claims 20-21, 45-46 and 68-69, Freund disclosed all the limitation of 
claim 20-21 , except providing a warning to user and displaying a disclaimer to user. The 

I 

general concept of providing a warning and displaying a disclaimer to user is well known 
in the art as illustrated by Marchosky, which discloses a warning is provided to a user 
and a disclaimer (para. 0188, lines 7-9). Therefore it would have been obvious for one 
of ordinary skill in the art at the time of the invention to modify Freund to include the use 
of providing a warning and disclaimer to a user in order to let user know of their 
responsibilities upon overriding security policy. 
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Response to Arguments 

9. Applicants arguments filed 08/08/2007 have been fully considered but they are 
not persuasive. 

1 . Applicant argues that the prior art does not teach a pre-access firewall and 
access rules that limit a machine at the system level to only accessing specific sites. 
Examiner disagrees, the prior art discloses that the client system only allows or/and 
disallows connection to website base on the name of the website or/and the website IP 
address (Col. 19, lines 44-67; col. 20, lines 44-49; col. 24, lines 4-5). 

2. Applicant argues that the prior art does not disclose, "Only upon a given 
machine completing updating of security subsystem is the machine's security policy 
updated to allow other connections to occur". Examiner disagrees, the prior art 
discloses transmitting a set of default rules for the particular client, if no particular rules 
are already defined for the client, which would be the case for a new client on the 
network (col. 5, lines 33-64; col. 15, lines 22-33; col. 16, rmes1-3), further the prior art 
discloses that only certified workstations are allowed access to the internet (col. 14, 
lines 13-19; col. 12, lines 54-65). 

3. Applicant argues the patentability of claims 5-6, 30-31 and 53-54 by 
individually addressing the references used to reject the claims. It is noted that the 
claims above are rejected as being obvious using a combination of the references. 
Applicant can not show non-obviousness by attacking the references individually where, 
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as here the rejections are based on a combination of references, In re Keller, 208 
USPQ 871 (CCPA1981). 

Conclusion 

9 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Esteve Mede whose telephone number is 571-270- 
1594. The examiner can normally be reached on Monday thru Friday, 8:30-5:00 PM, 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infomiation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Esteve Mede 
EM 

November 1 , 2007 
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